Radically Open Security (ROS) kindly performed a security audit of some parts of Monal.
Specifically they audited the usage of our XML query language and the implementations of SASL2, SCRAM and SSDP.

The results in a nutshell: no security issues found, read the full report here: Monal IM penetration test report 2024 1.0 .